It is known that, in a LAN (Local Area Network) or WAN (Wide Area Network), a user typically inputs a password at login to be authenticated by a specific server. The authenticating server, which does not hold the password itself, computes a hash function value of the input password and compares the computed value with a stored value associated with the user to determine whether to authenticate the user. In such an authentication system, the value associated with the user and stored in the server is not the password to be input by the user but a hash function value of the password, and the hash function cannot be inverted. Therefore, even if such a hash function value leaks from the server, the hash function value cannot be used for authentication. Thus, unauthorized login attempts can be prevented.
Conventional authentication systems employing a hash function have problems when, for example, they are applied to authentication of a PC's firmware for controlling power-saving mode. For example, a computer virus that invades a PC may access the object to be authenticated, which holds the authenticator from which the hash function value is generated, rather than the authenticating entity, which holds only the hash function value, and may successfully read the authenticator.
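The asymmetry described in the two paragraphs above can be shown in a short model, added here as an illustration and not taken from the original text. SHA-256, the class names and the sample secret are assumptions; the text names no hash function.

```python
import hashlib
import hmac
import secrets


def one_way(value: bytes) -> bytes:
    """One-way function. SHA-256 is an assumption; the text names no algorithm."""
    return hashlib.sha256(value).digest()


class AuthenticatingEntity:
    """Holds only the one-way function value, never the authenticator itself."""

    def __init__(self, enrolled_authenticator: bytes):
        self.stored_value = one_way(enrolled_authenticator)

    def authenticate(self, presented: bytes) -> bool:
        # Hash whatever is presented and compare in constant time.
        return hmac.compare_digest(one_way(presented), self.stored_value)


class AuthenticatedObject:
    """The side being authenticated (e.g. firmware); it must hold the authenticator."""

    def __init__(self, authenticator: bytes):
        self._authenticator = authenticator

    def respond(self) -> bytes:
        return self._authenticator


def run_scenarios() -> dict:
    authenticator = secrets.token_bytes(32)  # constructed sample secret
    obj = AuthenticatedObject(authenticator)
    entity = AuthenticatingEntity(authenticator)
    return {
        # Normal case: the genuine object presents its authenticator.
        "genuine_object": entity.authenticate(obj.respond()),
        # Value leaked from the authenticating side: it gets hashed again, so no match.
        "leaked_stored_value": entity.authenticate(entity.stored_value),
        # Authenticator copied from the authenticated side: same bytes as the genuine one.
        "copied_authenticator": entity.authenticate(bytes(authenticator)),
        # Unrelated random value: rejected.
        "unrelated_value": entity.authenticate(secrets.token_bytes(32)),
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The model shows why protecting only the verifier's store is not enough: the check cannot tell a copied authenticator from the genuine one, so the authenticator's storage on the authenticated side also has to be shielded from reads.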
Further, a firmware program that may be authenticated is executed by a dedicated processor separate from a processor for executing an OS of the PC, and various programs executed on the processor for executing the OS generally cannot read the content of the firmware program. Therefore, the processor for executing the OS cannot read the code of the firmware program to determine whether to authenticate the firmware program based on the content.
The object of the invention is to provide an authentication system, firmware device, electrical apparatus, and authentication method for performing authentication based on an authenticator from which a one-way function value is generated, wherein the possibility that malicious code or the like reads the authenticator is reduced and false authentication using an illicitly read authenticator is prevented.